The ransomware developer Ziggy stops blackmail and distributes decryption keys to its victims.
Ransomware Ziggy ransomware shut down its illegal activities and distributed decryption keys to its victims, following concerns by its developer about recent police activity and fears that he would be arrested.
Over the weekend, the Ziggy Ransomware administrator announced on Telegram that he was terminating the mode του ransomware και θα μοιράσει όλα τα κλειδιά αποκρυπτογράφησης. Ο ίδιος διαχειριστής του ransomware είχε δηλώσει παλαιότερα ότι η ομάδα του δημιούργησε το ransomware για να κερδίσει χρήματα, καθώς ζουν σε μια “χώρα τρίτου world".
After feeling guilty about his actions and expressing his concerns about the recent businesses against ransomware Emotet and Netwalker, the administrator decided to stop the blackmail and share all the keys.
So today, the administrator of Ziggy ransomware published an SQL file containing 922 decryption keys. For each victim, the SQL file lists three keys required to decrypt their encrypted files.
The ransomware administrator also posted one decryptor in VirusTotal where victims can use the keys listed in the SQL file.
In addition to the decryption file and SQL, the ransomware administrator shared the source code of a different decryptor that contains the decryption keys for except σύνδεσης μηχανήματα.
Ransomware infections use offline decryption keys to decrypt infected victims when they are not connected to the Internet or could not access the command and control server.